doutong2132 2014-05-31 03:03
浏览 52
已采纳

在客户端防止操作cookie

I know that cookie only work with string and does not accept array... so far so good

Creating and reading a cookie:

setcookie( 'name' , 'my name is foo' );
echo $_COOKIE['name']; // output my name is foo


If the user change the cookie name to: name[]
he changes the cookie name in an array and we get an error: Array to string conversion.

1) how can we prevent this kind of safe handling of cookies?
2) if we work with a class of cookie, the get method should return only strings?

  • 写回答

1条回答 默认 最新

  • duanguangwang5829 2014-05-31 03:14
    关注

    You have two choices:

    1. Use session variables instead of cookies.

    2. Validate your cookes when you use them. One part of this could be encrypting the cookie value, and prepending a private key before the value. The script can decrypt the cookie and test whether it begins with the private key. You can also test whether the user renamed the cookie to an array:

      if (is_string($_COOKIE['name'])) {
    ...
}
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 有关区间dp的问题求解
  • ¥15 多电路系统共用电源的串扰问题
  • ¥15 slam rangenet++配置
  • ¥15 有没有研究水声通信方面的帮我改俩matlab代码
  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料